A user is anyone who holds an Waveset system account. Waveset stores a range of data for each user. Collectively, this information forms a user’s Waveset identity.
The Waveset Accounts / User List page lets you manage Waveset users. To access this area, click Accounts on the Administrator interface menu bar.
The accounts list shows all Waveset user accounts. Accounts are grouped into organizations and virtual organizations, which are represented hierarchically in folders.
You can sort the accounts list by full name (Name), user last name (Last Name), or user first name (First Name). Click the header bar to sort by a column. Clicking the same header bar toggles between ascending and descending sort order. When you sort by full name (the Name column), then all items in the hierarchy, at all levels, are sorted alphabetically.
To expand the hierarchical view and see accounts in an organization, click the triangular indicator next to a folder. Collapse the view by clicking the indicator again.
Use the actions lists (located at the top and bottom of the accounts area, as shown in Actions Lists in the Accounts Area), to perform a range of actions.
Actions list selections are divided among:
New Actions. Create users, organizations, and directory junctions.
User Actions. Edit, view, and change status of users; change and reset passwords; delete, enable, disable, unlock, move, update, and rename users; and run a user audit report.
Organization Actions. Perform a range of organization and user actions.
Use the accounts area search feature to locate users and organizations. Select Organizations or Users from the list, enter one or more characters that the user or organization name starts with in the search area, and then click Search. For more information about searching in the accounts area, see Finding and Viewing User Accounts.
Icons that display next to each user account indicate current, assigned account status. Table 3–1 describes what each icon represents.
Table 3–1 User Account Status Icon Descriptions
Indicator |
Status |
---|---|
|
The user’s Waveset account is locked. Note that this icon only reflects the locked state of the Waveset account, not any of the user’s resource accounts. Users become locked after exceeding the maximum number of failed Waveset account login attempts as defined in the Waveset Account Policy. Only failed password or question logins to Waveset accounts are counted towards the maximum allowed. Therefore, if an Waveset login application (that is, the administrator interface, the end-user interface, and so on) does not include the Waveset Login Module in its login module group, then the Waveset failed password policy will not be considered. However, regardless of the stack of login modules configured for a given Waveset login application, failed question logins that exceed the maximum configured in the Waveset Account Policy can cause a user to become locked and this icon to be displayed. For information on how to unlock accounts see To Unlock User Accounts. |
|
The administrator Waveset account is locked. Note that this icon only reflects the locked state of the Waveset account, not any of the administrator’s resource accounts. For more information, see the description for the user lockout icon, above. |
|
The account is disabled on all assigned resources and on Waveset. (When an account is enabled, no icon appears.) For information about how to enable disabled accounts, see Disabling, Enabling, and Unlocking User Accounts. |
|
The account is partially disabled, meaning that it is disabled on one or more assigned resources. |
|
The system attempted but failed to create or update the Waveset user account on one or more resources. (When an account is updated on all assigned resources, no icon appears.) |
In the Manager column, a manager’s user name appears inside parentheses if Waveset cannot find an Waveset account that matches the name listed.
This section describes the Create User, Edit User, and View User pages that are available in the Administrator interface. Instructions on how to use these pages appear later in this chapter.
This documentation describes the default set of Create User, Edit User, and View User pages that ship with Waveset. To better reflect your business processes or specific administrator capabilities, however, you should create custom user forms specifically for your environment. For more information about customizing the user form, see Chapter 2, Waveset Forms, in Oracle Waveset 8.1.1 Deployment Reference.
The default Waveset user pages are organized into the following tabs or sections:
Identity
Assignments
Security
Delegations
Attributes
Compliance
The Identity area defines a user’s account ID, name, contact information, manager, governing organization, and Waveset account password. It also identifies the resources to which the user has access, and the password policy governing each resource account.
For information about setting up account password policies, read the section in this chapter titled Managing Account Security and Privileges.
The following figure illustrates the Identity area of the Create User page.
The Resources area provides for the direct assignment of resources and resource groups to a user. Resource exclusions can also be assigned.
Directly assigned resources supplement resources that are indirectly assigned to the user through role assignment. Role assignment profiles a class of users. Roles define user access to resources through indirect assignment.
The Roles tab is used to assign one or more roles to a user, and manage those role assignments.
See To Assign Roles to a User for information about this tab.
In Waveset terminology, a user who is assigned extended capabilities is an Waveset administrator. Use the Security tab to assign a user administrator privileges.
For more information on using the Security tab to create administrators, see Creating and Managing Administrators.
The Security form consists of the following sections.
Admin roles. Assigns one or more administrative roles to the user. A role is a specific pairing of capabilities and controlled organizations that facilitates assigning administrative duties to users in a coordinated way.
Capabilities. Enables rights in the Waveset system. Each Waveset administrator is assigned one or more capabilities, frequently aligned with job responsibilities.
Capabilities are discussed on Understanding and Managing Capabilities. A list of task-based capabilities with definitions is included in Appendix D, Capabilities Definitions on Appendix D, Capabilities Definitions. This appendix also lists the tabs and subtabs that may be accessed with each capability.
Controlled organizations. Assigns organizations that this user has rights to manage as an administrator. He can manage objects in the assigned organization and in any organizations below that organization in the hierarchy.
To have administrator capabilities, a user must be assigned at least one Admin role, or one or more capabilities AND one or more controlled organizations. For more information about Waveset administrators, seeUnderstanding Waveset Administration.
User Form. Specifies the user form that the administrator will use when creating and editing users. If None is selected, the administrator will inherit the user form assigned to his organization.
View User Form. Specifies the user form that the administrator will use when viewing users. If None is selected, the administrator will inherit the view user form assigned to his organization.
Account policy. Establishes password and authentication limits.
The Delegations tab on the Create User page lets you delegate work items to other users for a specified length of time. For more information about delegating work items, read Delegating Work Items.
The Attributes tab on the Create User page defines account attributes associated with assigned resources. Listed attributes are categorized by assigned resource, and differ depending on which resources are assigned.
The Compliance tab:
Lets you select the attestation and remediation forms for the user account.
Specifies the assigned audit policies for the user account, including those in effect through the user’s Organization assignment. These policy assignments can be changed only by editing the user’s current organization or moving the user to another Organization.
Indicates the current status of policy scans, violations, and exemptions (as illustrated by the following figure), if applicable for the user account. The information includes the date and time of the last audit policy scan for the selected user.
To assign audit policies, move selected policies from the Available Audit Policies list to the Current Audit Policies list.
You can view compliance violations logged for a user for a specific time period, by selecting View Compliance Violation Log from the User Actions list and specifying the range of entries to view.